We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

576,000 Roku Accounts Hacked In Second Security Breach

576,000 Roku Accounts Hacked In Second Security Breach
Author Image Keira Waddell
Keira Waddell Published on 17th April 2024 Senior Writer

Roku has confirmed that a credential-stuffing attack has compromised approximately 576,000 user accounts. This attack follows a similar incident that occurred last month, which affected over 15,000 accounts. The latest round of malicious activity was detected due to Roku’s close monitoring of account activities following the initial incident.

Malicious actors utilized stolen username and password combinations from data breaches affecting other services to gain unauthorized access to Roku accounts, a method known as credential stuffing. If the affected user has the same email and password combo across several online accounts, such attacks prove to be highly effective.

Roku has stated that fewer than 400 of the compromised accounts were used to make unauthorized purchases of Roku hardware and streaming service subscriptions via stored payment methods. The company has already taken steps to refund or reverse any fraudulent transactions.

Sensitive user data, including full payment details and personal information, were not accessed during the attack.

In response to these security incidents, Roku has implemented two-factor authentication for all accounts. This additional layer of security requires users to verify their identity with a second form of authentication, enhancing account security and mitigating the risk of credential stuffing.

Following the breach, Roku urged users to create strong and unique passwords and remain vigilant for any suspicious activities. The company also reset passwords for all affected accounts and has been actively notifying impacted customers about the necessary steps that must be taken to secure their accounts.

Roku’s commitment to user security is evident in its rapid response and transparency regarding the breaches. "We sincerely regret that these incidents occurred and any disruption they may have caused," Roku’s staff said in a statement. "Your account security is a top priority, and we are committed to protecting your Roku account with robust security measures."

The recent incidents affecting Roku highlight the critical need for internet users to secure their accounts. Users are encouraged to use unique passwords for different sites and enable two-factor authentication where available to safeguard their online profiles.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.